aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
m---------kubernetes/aai0
-rw-r--r--kubernetes/common/cassandra/templates/backup/cronjob.yaml6
-rw-r--r--kubernetes/common/common/templates/_name.tpl2
-rw-r--r--kubernetes/common/common/templates/_service.tpl1
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl3
-rw-r--r--kubernetes/common/postgres/values.yaml47
-rw-r--r--kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml6
-rw-r--r--kubernetes/nbi/templates/deployment.yaml4
-rw-r--r--kubernetes/nbi/values.yaml2
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml21
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml11
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml7
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml11
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml7
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml11
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml8
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml11
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml7
-rw-r--r--kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml11
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer31
-rw-r--r--kubernetes/oof/components/oof-has/resources/config/nginx.conf4
-rw-r--r--kubernetes/oof/components/oof-has/templates/secret.yaml15
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml17
-rwxr-xr-xkubernetes/oof/components/oof-templates/Chart.yaml19
-rwxr-xr-xkubernetes/oof/components/oof-templates/requirements.yaml20
-rw-r--r--kubernetes/oof/components/oof-templates/templates/_certificate.tpl11
-rw-r--r--kubernetes/oof/components/oof-templates/values.yaml14
-rwxr-xr-xkubernetes/oof/requirements.yaml3
-rwxr-xr-xkubernetes/oof/resources/config/certs/aaf_root_ca.cer (renamed from kubernetes/oof/resources/config/aaf_root_ca.cer)0
-rw-r--r--kubernetes/oof/resources/config/certs/intermediate_root_ca.pem27
-rw-r--r--kubernetes/oof/resources/config/conf/common_config.yaml (renamed from kubernetes/oof/resources/config/common_config.yaml)12
-rw-r--r--kubernetes/oof/resources/config/conf/log.yml (renamed from kubernetes/oof/resources/config/log.yml)0
-rwxr-xr-xkubernetes/oof/resources/config/conf/osdf_config.yaml (renamed from kubernetes/oof/resources/config/osdf_config.yaml)0
-rw-r--r--kubernetes/oof/templates/configmap.yaml2
-rw-r--r--kubernetes/oof/templates/deployment.yaml16
-rw-r--r--kubernetes/oof/templates/secret.yaml15
-rw-r--r--kubernetes/oof/values.yaml16
-rwxr-xr-xkubernetes/policy/components/policy-distribution/resources/config/config.json2
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml3
-rw-r--r--kubernetes/sdc/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml5
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml18
-rwxr-xr-xkubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml23
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml47
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml41
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml86
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml15
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml15
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml15
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml146
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh7
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh7
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/Chart.yaml19
-rw-r--r--kubernetes/so/components/so-oof-adapter/requirements.yaml24
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml58
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/configmap.yaml50
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/deployment.yaml109
-rw-r--r--kubernetes/so/components/so-oof-adapter/templates/secret.yaml16
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/service.yaml16
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/values.yaml143
-rwxr-xr-xkubernetes/so/requirements.yaml8
-rwxr-xr-xkubernetes/so/values.yaml26
-rw-r--r--kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml2
74 files changed, 1292 insertions, 99 deletions
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject fa694e0feb325333cfffb7d7852aa97264f96b6
+Subproject a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1c
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
index 1d1e4594da..cabe59f696 100644
--- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml
+++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
@@ -59,7 +59,7 @@ spec:
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
@@ -75,11 +75,11 @@ spec:
echo "Executing cleanup!!"
command="nodetool cleanup"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl
index adbe2b6cf9..793fb3e07b 100644
--- a/kubernetes/common/common/templates/_name.tpl
+++ b/kubernetes/common/common/templates/_name.tpl
@@ -53,7 +53,7 @@
{{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
{{/* when linted, the name must be lower cased. When used from a component,
name should be overriden in order to avoid collision so no need to do it */}}
- {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}}
+ {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}}
{{- $name = lower $name -}}
{{- end -}}
{{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 3d745ed819..dddd63491d 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -94,6 +94,7 @@ annotations:
"version": "{{ default "v1" $msb_information.version }}",
"url": "{{ default "/" $msb_information.url }}",
"protocol": "{{ default "REST" $msb_information.protocol }}",
+ "enable_ssl": {{ default false $msb_information.enable_ssl }},
"port": "{{ $msb_information.port }}",
"visualRange":"{{ default "1" $msb_information.visualRange }}"
}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 9ce9b88644..1048811328 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -146,8 +146,7 @@ spec:
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources:
-{{ include "common.resources" $dot | indent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 12 }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index fbc43c0768..b653ba1a41 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -125,21 +125,32 @@ service:
ingress:
enabled: false
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
index 652acd5fa7..19d872fe12 100644
--- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -570,7 +570,7 @@
</void>
<void method="put">
<int>37</int>
- <string>-477565695</string>
+ <string>-1501801709</string>
</void>
<void method="put">
<int>20037</int>
@@ -810,7 +810,7 @@
</void>
<void method="put">
<int>20011</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10011</int>
@@ -842,7 +842,7 @@
</void>
<void method="put">
<int>20013</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10013</int>
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index febb8a9624..6d5b2d508f 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -100,6 +100,10 @@ spec:
value: {{ .Values.config.openStackVNFTenantId | quote }}
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
+ - name: ONAP_K8SCLOUDREGIONID
+ value: {{ .Values.config.k8sCloudRegionId }}
+ - name: ONAP_K8SCLOUDOWNER
+ value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 0f3fd1a352..58fa33611c 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -83,6 +83,8 @@ config:
logstashServiceName: log-ls
logstashPort: 5044
cloudOwner: CloudOwner
+ k8sCloudRegionId: k8sregionfour
+ k8sCloudOwner: k8scloudowner4
ecompInstanceId: OOM
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml
index 1d9792fa5f..90fe5dd732 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 1538b47343..78c054bd28 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -122,13 +122,21 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if .Values.liveness.enabled }}
@@ -151,6 +159,12 @@ spec:
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ - mountPath: /tmp/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ - mountPath: /tmp/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -176,7 +190,6 @@ spec:
path: conductor.conf
- key: log.conf
path: log.conf
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index f19ecb61ee..b17eed6b2f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,16 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
service:
type: NodePort
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml
index 1967814f63..1bb059b173 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 506ff939e3..53e053aa42 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -127,8 +127,8 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -153,7 +153,6 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 5fa0f2408e..327a537f41 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -16,7 +16,16 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml
index 1967814f63..1bb059b173 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 2041dd2c9d..3ed74a048a 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -147,8 +147,8 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_key.key
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -177,7 +177,6 @@ spec:
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 5fa0f2408e..570c0df5b2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -16,7 +16,16 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml
index 1967814f63..1bb059b173 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index 10bba9f61e..4f5067db12 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -141,8 +141,8 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -167,8 +167,6 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
-
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 5fa0f2408e..570c0df5b2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -16,7 +16,16 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml
index 1967814f63..1bb059b173 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 55c9d362e4..d1e4946ae1 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -141,8 +141,8 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -167,7 +167,6 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 5fa0f2408e..570c0df5b2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -16,7 +16,16 @@ global:
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer
deleted file mode 100755
index e9a50d7ea0..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index a6790164d8..cbb1b60a58 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -13,9 +13,9 @@ http {
listen 8091 ssl;
server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt;
+ ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/components/oof-has/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index c7799cdc02..ffd11db2dd 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -23,11 +23,21 @@ global:
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
persistence:
enabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
@@ -70,12 +80,17 @@ resources:
#component overrides
oof-has-api:
enabled: true
+ certSecret: *oof-certs
oof-has-controller:
enabled: true
+ certSecret: *oof-certs
oof-has-data:
enabled: true
+ certSecret: *oof-certs
oof-has-reservation:
enabled: true
+ certSecret: *oof-certs
oof-has-solver:
enabled: true
+ certSecret: *oof-certs
diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml
new file mode 100755
index 0000000000..885491c1a9
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP OOF helm templates
+name: oof-templates
+version: 6.0.0
diff --git a/kubernetes/oof/components/oof-templates/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml
new file mode 100755
index 0000000000..b93260a4fa
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/requirements.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+
diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
new file mode 100644
index 0000000000..4da128bcbb
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
@@ -0,0 +1,11 @@
+{{- define "oof.certificate.volume" -}}
+- name: {{ include "common.fullname" . }}-onap-certs
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
+ items:
+ - key: aaf_root_ca.cer
+ path: aaf_root_ca.cer
+ - key: intermediate_root_ca.pem
+ path: intermediate_root_ca.pem
+{{- end -}}
+
diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/kubernetes/oof/components/oof-templates/values.yaml
new file mode 100644
index 0000000000..a97238e9af
--- /dev/null
+++ b/kubernetes/oof/components/oof-templates/values.yaml
@@ -0,0 +1,14 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml
index ebd2d8ffee..2d1f9b3596 100755
--- a/kubernetes/oof/requirements.yaml
+++ b/kubernetes/oof/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
version: ~6.x-0
repository: 'file://components/oof-has'
condition: oof-has.enabled
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://components/oof-templates'
diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
index e9a50d7ea0..e9a50d7ea0 100755
--- a/kubernetes/oof/resources/config/aaf_root_ca.cer
+++ b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
new file mode 100644
index 0000000000..b67866d160
--- /dev/null
+++ b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 7e8fe5dc72..1109ab8167 100644
--- a/kubernetes/oof/resources/config/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -5,7 +5,7 @@ osdf_system:
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+ ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
@@ -67,6 +67,9 @@ references:
resource_sharing_level:
source: request
value: serviceProfile.resourceSharingLevel
+ slice_scope:
+ source: request
+ value: slice_scope
reuse_preference:
source: request
value: preferReuse
@@ -86,10 +89,11 @@ policy_info:
policy_scope:
-
scope:
- - get_param: resource_sharing_level
- - get_param: reuse_preference
+ - get_param: slice_scope
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
subnet_selection:
policy_fetch: by_scope
@@ -98,6 +102,8 @@ policy_info:
- OSDF_GUILIN
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
placement:
policy_fetch: by_scope
diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/conf/log.yml
index 3966ea28c0..3966ea28c0 100644
--- a/kubernetes/oof/resources/config/log.yml
+++ b/kubernetes/oof/resources/config/conf/log.yml
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index 5c9aa2bb64..5c9aa2bb64 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml
index 75f7e42277..7176f138c9 100644
--- a/kubernetes/oof/templates/configmap.yaml
+++ b/kubernetes/oof/templates/configmap.yaml
@@ -24,4 +24,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 76d1a62604..cbf4156d23 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -73,6 +73,14 @@ spec:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ ./osdfapp.sh -x osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -99,8 +107,11 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-config
+ name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
@@ -129,11 +140,10 @@ spec:
items:
- key: osdf_config.yaml
path: osdf_config.yaml
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- key: log.yml
path: log.yml
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml
new file mode 100644
index 0000000000..c5fe2be5da
--- /dev/null
+++ b/kubernetes/oof/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 0dc035494b..bce02d42b1 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -21,12 +21,25 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certs/intermediate_root_ca.pem
+ - resources/config/certs/aaf_root_ca.cer
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:3.0.0
+image: onap/optf-osdf:3.0.1
pullPolicy: Always
# flag to enable debugging - application support required
@@ -161,3 +174,4 @@ oof-cmso:
enabled: true
oof-has:
enabled: true
+ certSecret: *oof-certs
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 9b9a7a5a93..8d31575a3f 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -54,7 +54,7 @@
"parameters":{
"asdcAddress": "sdc-be:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "${SDCBE_USER}",
"password": "${SDCBE_PASSWORD}",
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject 34913f2223539640c81ae9e7a65744a09a95c9c
+Subproject da28d1cdc573a726d3fc8a19638ebc8b3679295
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index b825b703b4..03b6db066a 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -104,12 +104,13 @@ service:
name: sdc-be
both_tls_and_plain: true
msb:
- - port: 8080
+ - port: 8443
url: "/sdc/v1"
version: "v1"
protocol: "REST"
visualRange: "1"
serviceName: sdc
+ enable_ssl: true
- port: 8080
url: "/sdc/v1"
version: "v1"
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index 4cd0597e10..f6e0376067 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -53,7 +53,7 @@ config:
logstashPort: 5044
environment:
workflowUrl: 10.0.2.15
- vnfRepoPort: 8702
+ vnfRepoPort: 8703
#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
cassandra:
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index 028b698657..4429bd9f46 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -106,6 +106,11 @@ mso:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
nssmf:
endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
+ oof:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1
+ timeout: PT5M
+ callback:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1
bpmn:
process:
historyTimeToLive: '30'
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml
new file mode 100644
index 0000000000..c4fb9a49d5
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SO ETSI NFVO NS LCM
+name: so-etsi-nfvo-ns-lcm
+version: 6.0.0
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
new file mode 100755
index 0000000000..1feea23842
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..64fd243a27
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -0,0 +1,47 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ version: v19
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+ security:
+ usercredentials:
+ - username: ${ETSI_NFVO_USERNAME}
+ password: ${ETSI_NFVO_PASSWORD}
+ role: ETSI-NFVO-Client
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+so:
+ adapters:
+ sol003-adapter:
+ url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
+etsi-catalog-manager:
+ base:
+ {{- if .Values.global.msbEnabled }}
+ endpoint: https://msb-iag:443/api
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
+ {{- end }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
new file mode 100644
index 0000000000..97f7d4e71d
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
new file mode 100644
index 0000000000..fbba76f13f
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -0,0 +1,86 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ETSI_NFVO_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
+ - name: ETSI_NFVO_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml
new file mode 100644
index 0000000000..443e76b76e
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml
new file mode 100644
index 0000000000..493cfe5f88
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml
new file mode 100644
index 0000000000..a1290de24b
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
new file mode 100644
index 0000000000..79a8276df4
--- /dev/null
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -0,0 +1,146 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: etsi-nfvo-nslcm-creds
+ name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
+ login: '{{ .Values.etsi.nfvo.nslcm.username }}'
+ password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+etsi:
+ nfvo:
+ nslcm:
+ username: so-etsi-nfvo-ns-lcm
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+so:
+ sol003:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9095
+logPath: ./logs/so-etsi-nfvo-ns-lcm/
+app: so-etsi-nfvo-ns-lcm
+service:
+ type: ClusterIP
+ name: so-etsi-nfvo-ns-lcm
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if not .Values.global.msbDisabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/so-etsi-nfvo-ns-lcm/v1",
+ "protocol": "REST",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-nfvo-cert-init
+ certInitializer:
+ nameOverride: so-nfvo-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nfvoAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ port: 9095
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'soetsinfvonslcm'
+ name: 'so-etsi-nfvo-ns-lcm'
+ port: 9095
+ config:
+ ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index a8f772b947..05b1ff70cf 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -23,6 +23,13 @@
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_PASSWORD=`prepare_password $DB_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_USER}';
CREATE USER '${DB_USER}';
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index adb28fe8e6..593739e1cf 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -23,6 +23,13 @@
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_ADMIN}';
CREATE USER '${DB_ADMIN}';
diff --git a/kubernetes/so/components/so-oof-adapter/Chart.yaml b/kubernetes/so/components/so-oof-adapter/Chart.yaml
new file mode 100755
index 0000000000..cce161a8cd
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-oof-adapter
+version: 6.0.0
diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml
new file mode 100644
index 0000000000..036860d012
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml
@@ -0,0 +1,24 @@
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000000..9aafd4f322
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,58 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/oof
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ msoKey: ${MSO_KEY}
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ workflow:
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ oof:
+ auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+ endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
new file mode 100755
index 0000000000..da5fda9c42
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
@@ -0,0 +1,50 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
new file mode 100755
index 0000000000..f2eae394e7
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
@@ -0,0 +1,109 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: OOF_LOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
+ - name: OOF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-oof-adapter/templates/secret.yaml b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..31e0ab6a16
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-oof-adapter/templates/service.yaml b/kubernetes/so/components/so-oof-adapter/templates/service.yaml
new file mode 100755
index 0000000000..a4df54737c
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/templates/service.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml
new file mode 100755
index 0000000000..e6b96a6b8f
--- /dev/null
+++ b/kubernetes/so/components/so-oof-adapter/values.yaml
@@ -0,0 +1,143 @@
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+# Secrets metaconfig
+#################################################################
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: oof-adapter-mso-key
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: oof-auth
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}'
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-oof-adapter:1.7.2
+pullPolicy: Always
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ oof:
+ login: test
+ password: testpwd
+
+replicaCount: 1
+containerPort: &containerPort 8090
+minReadySeconds: 10
+containerPort: *containerPort
+logPath: ./logs/oof/
+app: so-oof-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+soHelpers:
+ nameOverride: so-oof-adapter-cert-init
+ certInitializer:
+ nameOverride: so-oof-adapter-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.oofadapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index 66e16a9562..82cf3e927f 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -40,6 +40,10 @@ dependencies:
version: ~6.x-0
repository: 'file://components/so-db-secrets'
condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-etsi-nfvo-ns-lcm
+ version: ~6.x-0
+ repository: 'file://components/so-etsi-nfvo-ns-lcm'
+ condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-mariadb
version: ~6.x-0
repository: 'file://components/so-mariadb'
@@ -51,6 +55,10 @@ dependencies:
version: ~6.x-0
repository: 'file://components/so-nssmf-adapter'
condition: so-nssmf-adapter.enabled
+ - name: so-oof-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-oof-adapter'
+ condition: so-oof-adapter.enabled
- name: so-openstack-adapter
version: ~6.x-0
repository: 'file://components/so-openstack-adapter'
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 8c31e71040..0d3b3927ec 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -109,6 +109,16 @@ secrets:
type: generic
filePaths:
- resources/config/certificates/msb-ca.crt
+ - uid: "mso-key"
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.global.app.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
aafConfig:
permission_user: 1000
@@ -225,6 +235,9 @@ mso:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ oof:
+ login: test
+ password: testpwd
so:
operationalEnv:
dmaap:
@@ -246,6 +259,9 @@ so-catalog-db-adapter:
db:
<<: *dbSecrets
+so-etsi-nfvo-ns-lcm:
+ enabled: true
+
so-monitoring:
enabled: true
db:
@@ -282,6 +298,16 @@ so-nssmf-adapter:
db:
<<: *dbSecrets
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-vnfm-adapter:
enabled: true
diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
index ae83c05d29..cc8d682acd 100644
--- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml
@@ -28,7 +28,7 @@ global:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.6
+image: onap/vfc/nfvo/svnfm/huawei:1.3.8
pullPolicy: Always
#Istio sidecar injection policy